you should use Using & DbParameters!
your code is not Sql injection proof like this..
' Verify Enrollno.Text is not an empty string prior to attempting the Update<br /> If String.IsNullOrEmpty(Enrollno.Text) Then Return ' Assuming this code is in a Procedure or Function, of course.<br /> Using cnnOLEDB As New Data.OleDb.OleDbConnection("connectionstring goes here")<br /> Using cmdUpdate As Data.OleDb.OleDbCommand = cnnOLEDB.CreateCommand<br /> cmdUpdate.CommandText = "UPDATE erf SET (clnm=@clnm, sn=@sn, sec=@sec) WHERE Enrollno=@Enrollno"<br /> cmdUpdate.Parameters.AddWithValue("@clnm", clnm.text)<br /> cmdUpdate.Parameters.AddWithValue("@sn", sname.text)<br /> cmdUpdate.Parameters.AddWithValue("@sec", sec.text)<br /> cmdUpdate.Parameters.AddWithValue("@Enrollno", Enrollno.text)<br /> Try<br /> cmdUpdate.ExecuteNonQuery()<br /> MsgBox("Record Added Successfully...", MsgBoxStyle.Information)<br /> Catch ex As Exception<br /> MsgBox("error .." & ex.Message, "update record")<br /> End Try<br /> End Using<br /> End Using